0579-1088 

l/pPT> 10/533772 
1 JC17Rec'dPCT7PT0 04 MAY 2005 

Microcircuit card comprising means for publication its data 

obj ects 

The present invention relates to a microcircuit 
5 card that can be inserted into a computer system, the card 
including a host computer system (processor, memories, 
etc.) and at least one data object (software programs, 
variables, files, etc.) used by the host system. 

In the remainder of the present document, we will 

10 use: 

- the term "terminal" to refer to the computer 
system, including a microcircuit card reader into which the 
card is inserted. The terminal may be for example, a 
personal computer (PC), a telecommunication device 

15 (telephone, personal digital assistant, etc.) or a digital 
data processing system designed to perform a particular 
kind of processing, for example cryptographic processing; 

the term "third-party system" to refer to a 
computer system connected to the terminal -.as defined above 

20 via a telecommunication network (local area network, 
Internet , etc . ) . 

In known manner, the Java Card 2.2 standard defines 
an object language for simplifying the development of 
software applications executing on a microcircuit card. The 

25 host system of the microcircuit card conventionally 
includes an operating system (OS) etched into a read-only 
memory (ROM) of the card, this operating system including a 
Java Card virtual machine (JVM) . 

According to this standard, the host system of the 

30 card and the terminal communicate by means of a standard 
rudimentary communication protocol. 

To be more precise, information exchanged between 
the host system and the terminal is coded in hexadecimal 
and placed in a table of bytes that constitutes either a 

35 command message from the terminal to the card or a response 
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message from the card to the terminal. A command or 
response message of this kind is known as an application 
protocol data unit (APDU) . 

Unf ortunately, the Java Card 2.2 standard does not 
5 provide for publishing the list of the data objects 
accessible on the card. 

This constraint makes it very difficult to develop 
software applications executing on a terminal system or a 
third-party system. This is because developing software 
10 applications executing on that kind of system necessitates 
fastidious coding of the APDUs, and in particular a 
knowledge of the hexadecimal codes for addressing the 
objects of the card. One example of a software application 
conforming to the Java Card 2.2 standard is set out by way 
15 of example in appendix A. 

The present invention aims to solve the problems 
cited above. To be more precise, in accordance with a first 
aspect, the invention provides a microcircuit card 
including at least one data object, the card being 
20 characterized in that it includes: 

a register including a logical identifier of 
that object and at least one first reference of that object 
local to the card, and 

- means adapted, on reception of a first message 
25 including the logical identifier, to communicate at least 
one second local reference obtained from the first local 
reference . 

Correlatively, and according to a second aspect, 
the invention concerns computer equipment of terminal type 

30 including means adapted to implement a software application 
including at least one first instruction for using at least 
one data object in a microcircuit card, the first 
instruction using a logical identifier of that object. The 
terminal is characterized in that it includes means for 

35 obtaining, from the logical identifier, at least one second 
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local reference obtained by the microcircuit card from a 
first reference of the data object local to the card, 

means for translating the first instruction into at 
least one second instruction that can be executed on said 
5 card, the second instruction using that second local 
reference, and communication means adapted to communicate 
the second instruction to the card for said use. 

Thus a software application executing on the 
terminal can include instructions for executing a data 
10 object of the card and using a logical identifier of that 
object instead of a reference local to the card. 

Moreover, the software application can include 
high-level instructions for exchange of information between 
the terminal and the host system . of the card which are 
15 translated into APDU messages by the above translation 
means . 

Thus the present invention facilitates the 
development of software applications executing on the 
terminal because the developer does not need to know the 
20 hexadecimal codes for addressing the objects of -the 
microcircuit card or to code the APDU commands. 

A data object of the microcircuit card can in 
particular be a computer program, a variable or a computer 
file. 

25 According to one advantageous feature, the 

microcircuit card further includes means for publication of 
the logical identifier and of the first local reference in 
the register of the card. 

In a first embodiment, the register of the card is 

30 created once and for all, i.e. in static manner at the time 
of creating the microcircuit card. 

On the other hand, in a preferred embodiment of the 
present invention, the publication means enable dynamic 
publication of the logical identifier and the first local 

35 reference of the data object in the register of the card. 
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Thus only the data objects necessary at a given time are 
accessible to software applications executing on the 
terminal . 

In a preferred embodiment, the data object is a 
5 Java Card type object belonging to a Java Card applet and 
the second local reference of the data object conforms to 
the Java Card standard. In this preferred embodiment , the 
obtaining means of the computer equipment terminal are 
adapted to obtain the second local reference conforming to 
10 the Java Card standard from the microcircuit card. 

The publication is preferably performed at the 
initialization of that applet. 

This preferred embodiment leaves it up to the 
developer of the Java applet executing on the host system 
15 of the microcircuit card whether to make each data object 
of that applet accessible or not to software applications 
executing on the terminal. 

In a variant of the above preferred embodiment, the 
communication means are adapted to communicate an 
20 identifier of the applet on reception of the first message. 

Thus in this variant the identifier of the applet 
is obtained without the programmer having to know its 
hexadecimal code. According to the Java Card standard, this 
identifier is needed if it is to be possible to use the 
25 data objects of the applet subsequently. 

In another preferred variant embodiment of the 
microcircuit card of the invention, on reception of a 
second message, the communication means of the card 
communicate all the logical identifiers included in the 
30 register of the card. 

This variant is particularly advantageous because 
it enables the terminal system to know all the data objects 
published by the microcircuit card and the various versions 
of those objects. 
35 In a first variant embodiment, the second local 
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reference communicated by the communication means of the 
microcircuit card is the first local reference of the data 
object proper. 

In a preferred variant embodiment, the second local 
5 reference is temporary and is obtained by encrypting the 
first local reference using an encryption key of the 
microcircuit card . 

Thus the second local reference can be used only 
for a session defined by the selection of the applet. This 

10 preferred variant embodiment makes the card more secure, in 
accordance with the recommendations of the Java Card 2.2 
standard, in order to guard against attack by "replaying", 
i.e. attacks aiming to make fraudulent use of the object of 
the card, by re-using its reference, without selecting the 

15 applet implementing that object. 

In a preferred embodiment, the terminal further 
includes means for publication, in one of its registers, a 
buffer object including an interface identical to that of 
the data object of the card, that buffer object being 

20 adapted to translate an instruction executing on a third- 
party system and using the logical identifier into at least 
one second instruction that can be executed on the card and 
uses the second local reference. 

This preferred embodiment enables the use of the 

25 data objects of the microcircuit card by a software 
application executing on a third-party system networked 
with the terminal of the card. 

The register preferably conforms to the Java2 SE 
RMI Registry standard. 

30 In a preferred variant of this embodiment, the 

publication means obtain and publish in this register of 
the terminal system all the buffer objects of the data 
objects published by said card. 

This variant is particularly advantageous because 

35 it enables the third-party system to know all the data 
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objects published by the microcircuit card and the various 
versions of those objects. 

The invention will be better understood and other 
advantages will become clearer in the light of the 
5 following description of a microcircuit card and a computer 
system terminal conforming to the principle thereof, the 
description being given by way of example only and with 
reference to the appended drawings, in which: 

- figure 1 is a block diagram of a microcircuit 
10 card conforming to one particular embodiment of the present 

invention, and 

- figure 2 is a block diagram of a computer system 
terminal conforming to a preferred embodiment of the 
invention . 

15 Moreover, the description is accompanied by the 

following appendices : 

- appendix A: source code of a Java Card applet of 
the figure 1 microcircuit card; 

- appendix B: first part of the source code of a 
20 client code of the computer system terminal from figure 2; 

- appendix C: syntax table of an APDU command for 
obtaining the identifier of an applet; 

- appendix D: syntax table of an APDU command for 
obtaining the reference of an object; 

25 - appendix E: syntax table of an APDU command for 

assigning a value to a data object in conformance with the 
IS07816 standard; 

- appendix F: second part of the source code of a 
client code of the figure 2 computer system terminal; 

30 - appendix G: syntax table of an APDU command for 

executing a program remotely on a microcircuit card; and 

- appendix H: syntax table of an APDU command for 
obtaining the logical identifiers of all the objects of a 
microcircuit card . 

35 Figure 1 represents a microcircuit card 10 
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conforming to the present invention. The card 10 includes a 
host data processing system including a processor CPU 
associated in the conventional way with a read-only memory 
ROM, a volatile random-access memory RAM, and a non- 
5 volatile rewritable memory EEPROM. 

The read-only memory ROM contains an operating 
system OS including a Java Card virtual machine JVM. 

The microcircuit card 10 includes input-output 
means I/O adapted to send digital data to a terminal and to 
10 receive digital data from that terminal. 

The input-output means I/O consist, for example, of 
a serial port known to the person skilled in the art. 

The microcircuit card 10 described here contains 
three data objects. 
15 As known to the person skilled in the art, an 

object conforming to the Java Card standard is a special 
case of a computer program. For simplicity, and by 
convention, in the remainder of this document an object may 
be regarded as a computer program. 
20 Thus the microcircuit card 10 includes a first data 

object, namely a computer program belonging to a Java Card 
applet CalculatorApplet whose code (see appendix A) is 
stored in a rewritable memory EEPROM. 

This data object includes a first reference 0060H 
25 local to the card 10 and conforming to the Java Card 
standard. In the prior art, the programmer of a software 
application executing on the terminal has to use this 
reference 0060H to execute this program on the card. 

According to the present invention, computer 
30 program also includes a logical identifier "myCalculator" 
that can be used by a programmer of the computer system 
terminal in place of the reference 0060H. 

The microcircuit card 10 contains a second data 
object, namely a file stored in the non-volatile rewritable 
35 memory EEPROM. 



Note first that the term "file" as used in the 
present document must be understood in a broad sense, 
designating either a file or a directory. In particular, 
the term "file" is used to designate a directory DF 
5 (Dedicated File) and a file EF (Elementary File) in the 

sense of the IS07816 standard. 

As known to the person skilled in the art of 
microcircuit cards, the file includes, in accordance with 
the IS07816 standard, a first reference local to the card 
10 known as the FID (File Identifier) and coded in hexadecimal 
on two bytes, in the present example "3F00H". 

According to the present invention, this file 
comprises a logical identifier "CARD_HOLDER" . 

The microcircuit card 10 includes a third data 
15 object, namely a variable (or "object data") in a register 
of the rewritable memory EEPROM . 

That variable includes a first reference local to 
the card coded in hexadecimal on two bytes, in the present 
example "0050H" . It is assumed that this variable is used 
20 to store a date. 

According to the present invention, this variable 
includes a logical identifier, here the character string 
"date". 

According to the present invention, the 
25 microcircuit card contains a file 20 storing a table 
including one row for each data object accessible by a 
software application executing on a computer system 
terminal or on a third-party computer system. 

Each row in the table in the file 20 includes: 
30 - a record including the logical identifier of the 

data object, and 

- a record including a first reference of that 
object local to the card. 

The microcircuit card 10 includes an application 
35 CardManager stored in the read-only memory ROM, for 
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example . 

In known manner, the application CardManager is 
adapted, using the input-output means I/O, to exchange 
messages consisting of APDU commands and responses with the 
5 computer system terminal into which the microcircuit card 
is inserted. 

It is adapted in particular to receive from the 
above terminal a message Lookup_APDU including the logical 
identifier of a data object. 
10 The application CardManager is also adapted, using 

the file 20, to communicate a second local reference of the 
data object to the terminal on reception of the message 
Lookup_APDU . 

To be more precise, the application CardManager 
15 extracts the logical identifier contained in the APDU 
message, looks in the file 20 for the row containing that 
logical identifier in its second column, and obtains the 
first local reference contained in the second column of the 
same row. 

20 In an embodiment described here, the first local 

reference obtained in this way is then encrypted using a 
function K that uses an encryption key KEY stored in the 
rewritable memory EEPROM, which makes it possible to obtain 
a second local reference communicated to the terminal by 

25 the application CardManager. 

Alternatively, the second local reference 
communicated to the terminal is the first local reference 
itself . 

In the preferred embodiment, the communication 
30 means are adapted, on reception of a message including the 
logical identifier of a data object conforming to the Java 
Card 2.2 standard, to communicate the identifier AID of the 
Java Card applet CalculatorApplet including that data 
object, for example the reference AO0OOOO000H, 
35 Thus, on reception of a message including the 
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logical identifier "myCalculator' 7 , the communication means 
communicate the identifier AID A000O00OOOH of the Java 
applet CalculatorApplet and the second local reference 
K (00 60H) =04 6 Oh obtained by encrypting the local reference 
5 0060H using the key KEY . 

The application CardManager also supplies the name 
Calculator of the interface of the data object. 
Moreover : 

- on reception of a message including the logical 
10 identifier "CARD_HOLDER" , the communication means 

communicate the second local reference K(0004H); and 

- on reception of a message including the logical 
identifier "date", the communication means communicate the 
second local reference K(0050H). 

15 In a first embodiment, the file 20 is constructed 

statically at the time of creating the card. For example, 
it is a table stored in the read-only memory ROM. 

In the preferred embodiment described here, the 
file 20 is updated dynamically. To this end, the 
20 microcircuit card 10 includes means for publication the 
logical identifier and the first local reference in the 
file 20 of the card. 

Here the publication means consist of a computer 
program Binding__API stored in read-only memory ROM and 
25 including a computer instruction bind, one example of the 
use of which, for publishing the program "myCalculator" , is 
given in line A3 3 of appendix A. 

As described here with reference to appendix A, 
this publication is preferably performed on initialization 
30 of the Java applet CalculatorApplet. 

A computer equipment 100 of terminal type and 
conforming to the present invention is described next with 
reference to figure 2. 

In the present example, the terminal 100 is a 
35 personal computer PC including means 110 for inserting a 
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microcircuit card 10 as described above with reference to 
figure 1. 

The terminal 100 includes in particular means known 
in the art for implementing a software application, namely 
5 a processor CPU associated with ROM and RAM and a hard disk 
drive DISK. 

The terminal 100 also includes input-output means 
I/O adapted to send digital data to and to receive data 
from a microcircuit card of the invention. 

10 The input-output means I/O consist, for example, of 

a serial port known to the person skilled in the art. 

According to the present invention, the terminal 
100 can implement a software application DesktopApp stored 
on the hard disk drive DISK and including at least one 

15 first instruction for using a data object in a microcircuit 
card, that first instruction using the logical identifier 
of that object. 

The code of the software application DesktopApp is 
set out in lines B21 through B31 of appendix B. That code 

20 includes in particular a line B23 using the logical 
identifier "myCalculator" of the computer program defined 
above with reference to figure 1. 

In order to be able to use that logical identifier, 
and to ensure compatibility with the Java Card 2.2 

25 standard, the computer equipment terminal 100 includes 
means for obtaining a second local reference from that 
logical identifier, through cooperation with the input- 
output means I/O. The second local reference is obtained by 
the microcircuit card 10 from a first reference of the data 

30 object local to the microcircuit card. 

In the embodiment described here, the means for 
obtaining are provided by a program CardNaming . lookup 
stored on the hard disk drive DISK and whose source code is 
set out in lines B12 through B20 of appendix B. 

35 In the embodiment described here, the means for 
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obtaining first obtain the identifier AID of the applet 
CalculatorApplet including the data object: 

(B14 ) : byte [ ] AID= CardNaming . cardManagerLookup ( "myCalculator" ) ; 
In the example described here, the method 
5 CardNaming . cardManagerLookup constructs a first APDU 
command containing the logical identifier myCalculator and 
sends that APDU command to the card. 

The card responds by sending back the corresponding 
AID identifier, i.e. the value A000000000H. 
10 This first APDU command causes execution on the 

card of the instruction Lookup__AID of the application 
CardManager which obtains from the file 20 the value of the 
AID associated with the logical identifier myCalculator. 

In a known manner (after sending an APDU command 
15 for selecting the application CardManager, in accordance 
with the IS07816 standard), the first APDU command is sent 
by the method CardNaming . cardManagerLookup using the class 
CardService predefined by the OCF (Open Card Framework) 
consortium for sending APDUs to a card. The syntax of this 
20 APDU command is set out in appendix C. 

In a second stage, the program 

CardNaming . appletLookup sends a second APDU command with 
two input parameters, namely the identifier AID 
(A000000000H) of the applet obtained previously and the 
25 logical identifier myCalculator of the data object of the 
card . 

The program CardNaming . appletLookup obtains in 
return the temporary second local reference K ( 0060H) =04 60h 
obtained by encryption from the first local reference 0060H 
30 of that object on the microcircuit card. 

(B15) byte [ ] ref = CardNaming . appletLookup (AID, "myCalculator" ) ; 
This second APDU command, whose syntax is set out 
in appendix D, causes the execution on the card of the 
instruction lookup_ref erence of the application CardManager 
35 that obtains from the file 20 the first local reference 
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0060H associated with the logical identifier myCalculator 
and then calculates the second local reference 0460h. 

The computer equipment terminal 100 further 
includes means for translating the first instruction into 
5 at least one second instruction that can be executed on 
said card, that second instruction using said at least one 
second local reference. 

Thus for example, if the software application 
DesktopApp wishes to modify the content of the variable of 

10 the microcircuit card 10 whose logical identifier is "date" 
with the value "01/01/2002" , the translation means generate 
a second instruction in the form of a command Put_data 
APDU, whose syntax is set out in appendix E. That 
instruction uses the first local reference 0050H of that 

15 object. 

In the embodiment described here, the translation 
means consist of a proxy object created from the second 
local reference of the object (0460H) previously obtained. 
In this embodiment, the proxy object is an instance of the 

20 class Proxy known to the person skilled in the art and 
defined by the Java 2™ platform Standard, Edition VI . 3 . 

According to the Java 2™ platform, Standard 
Edition VI. 3, a class CardHandler is constructed that 
includes a method invoke for translating method calls in 

25 cooperation with the object proxy. The method invoke uses 
the class CardService defined by the OCF (Open Card 
Framework) consortium. The pseudocode of the class 
CardHandler is set out in lines Bl to Bll of appendix B. 

In the example described here, the object proxy is 

30 constructed (lines B16 and B17) and returned (line B18) by 
the method CardNaming . lookup . 

Accordingly, after execution of the instruction of 
line B23 of appendix B, an object calculator is created in 
the terminal and enables translation of instructions using 

35 the data object of the card whose logical reference is 
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"myCalculator" . 

The second reference ref local to the card of the 
translation object calculator is stored by the manufacturer 
of the class CardHandler described above (line B4, appendix 
5 B) . 

The translation object calculator may then be used 
in a program of the terminal to execute methods of the 
object of the microcircuit card whose logical reference is 
"myCalculator" . 

10 For example, the developer of this kind of program 

can write line B24 of appendix B to execute addition of the 

numbers 5 and 6 on the microcircuit card. 

On execution of the instruction from the line B24, 

the method Invoke of the object CardHandler described above 
15 creates and sends the APDU command Invoke conforming to the 

Java 2.2 standard. The syntax of this command is set out in 

appendix G. 

The applet CalculatorApplet has been selected 
beforehand, at the time of execution of the line B15. 

20 According to the Java Card 2.2 standard, the 

instruction invoke communicated in this way to the applet 
CalculatorApplet by means of the APDU command initiates 
execution of the method add with the parameters 5 and 6. 

The present invention further enables a software 

25 application executing on a third-party system to access a 
data object of the microcircuit card using its logical 
identifier when the card is inserted into a terminal 
connected to the third-party system via a telecommunication 
network . 

30 To this end, and in a preferred embodiment, the 

computer equipment terminal 100 includes means for 
publication in a register Standard RMI Registry of a 
volatile random-access memory RAM of the terminal a buffer 
object remoteCalculator having an interface identical to 

35 that of the data object of the microcircuit card and 
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enabling an application executing on a third-party system 
to use that data object. 

To this end, an intermediate object 

calculator_invoker is first created (line B25, appendix B) 
5 from the translation object calculator described above. 

The object calculator_invoker belongs to the class 
Invokerlmpl , which is itself a class UnicastRemoteOb j ect 
known to the person skilled in the art and implementing the 
Java SE 1.3 RMI mechanisms. The code of the class 

10 Invokerlmpl is set out in appendix F, lines F3 to F8 . 

In known manner, the intermediate object 
calculator_invoker includes the translation object 
calculator and a method invokeMethod, that method 
invokeMethod implementing a mechanism for translating calls 

15 to methods of the object calculator using the reflectivity 
mechanism of the Java language (line F7 ) . 

The object calculator_invoker created in line B25 
is an RMI object stored in the register Standard RMI 
Registry of the terminal but does not have the methods of 

20 the data objects on the microcircuit card. In particular, 
it does not have the method add. 

To enable use of that method by an application 
executing on a third-party system, there is stored in the 
register Standard RMI Registry of the terminal the buffer 

25 object remoteCalculator (lines B27 to B29) that implement 
the methods of the object of the card whose logical 
identifier is ^myCalculator", the object remoteCalculator 
being also identified by the logical identifier 
"myCalculator" (line B29) . The object remoteCalculator 

30 contains also the logical identifier and the RMI call means 
to the intermediate object calculator_invoker , as can be 
seen in the code of the class InvokeHandler , lines F9 to 
F15. The buffer object remoteCalculator is adapted, by 
calling on the object calculator_invoker , to translate an 

35 instruction that is executed on the third-party system and 
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using said logical identifier into at least one second 
instruction that can be executed on said card using the 
second local reference (0460H) . 

Thus two objects are stored in the register 
5 Standard RMI registry of the terminal, namely the 
intermediate object calculator_invoker under the identifier 
"myCalculator_Invoker" (line B26) and the buffer object 
remoteCalculator with the logical identifier "myCalculator" 
(line B29) . 

10 Accordingly, if a software application of the 

third-party system executes the following instruction: 

Calculator calculator_third_party= (Calculator ) Naming . lookup ( "myCalculator " ) 

15 the Java 2 SE method Naming . lookup reads the buffer object 
remoteCalculator in the register Standard RMI registry of 
the terminal system, reconstructs it in the third-party 
system, and assigns it to the object 

calculator_third_party . 

20 The software application of the third-party system 

can then use the object calculator__third-party to access 
the corresponding object of the microcircuit card 10 via 
the intermediate object calculator_invoker of the terminal 
system. 

25 Thus the data objects of the microcircuit card 10 

can be used on a third-party computer system networked to 
the computer system terminal 100. 

In the preferred embodiment described here, the 
terminal system also supplies the publication means 

30 described above for the publication of the object 
calculator in the form of a class Java BindingService whose 
principal instructions, necessary for understanding the 
invention, are set out in appendix F, lines F16 to F30. 

The publication means BindingService are in 

35 particular adapted to obtain and to publish in the register 
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standard RMI Registry of the terminal all the buffer 
objects of the data objects published by the microcircuit 
card. 

In the preferred embodiment described here, the 
5 publication means BindingService use for this purpose the 
APDU command get__bound_obj ects__APDU whose syntax is set out 
in appendix G. 
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APPENDICES 

APPENDIX A 

Al public interface Calculator extends Remote { 

A2 short add (short a, short b) throws RemoteException; 

A3 } 

A10 public class Calculatorlmpl extends CardRemoteObject implements Calculator { 

All public Calculatorlmpl ( ) { super ( ) ; } 

A12 short add (short a, short b) throws RemoteException { 

A13 return (short) (a+b) ; 

A14 } 

A15 ) 

A20 public class CalculatorApplet extends Applet { 

A21 private Dispatcher dispatcher; 

A22 private final static byte CALCULATOR = { (byte)m, (byte)y, (byte)C, (byte)a, (byte)l 

A23 , (byte)c, (byte)u, (byte)l, (byte)a, (byte)t, (byte)o, (byte)r }; 

A30 private CalculatorApplet { 

A31 Calculator calculator = new Calculatorlmpl ( ) ; 

A32 OCSRMIService rmi « new OCSRMI Service (calculator) ; 

A33 RMIRegistry.bind (CALCULATOR, (short) 0, (byte) CALCULATOR. length, 

A34 calculator) ; 

A35 dispatcher = new Dispatcher ( 1) ; 

A36 dispatcher . addService (rmi, Dispatcher . PROCESS_COMMAND) ; 

A37 ) 

A40 public static void install (byte ( ] buffer, short offset, byte length) { 

A41 (new CalculatorApplet ( )). register ( ); 

A42 ) ; 

A50 public void process (APDU apdu) { install (byte [ ] buffer, short offset, byte length) { 

A51 dispatcher .process (apdu); 

A52 } 

A53 ) 
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Bl class CardHandler implements Invocation Handler { 

B2 private byte [J ref; 

B3 CardHandler (byte [] ref) { 

B4 this, ref =*ref; 

B5 } 

B6 public Object invoke (Object proxy, Method method, Object [ ]params) ( 

B7 /* Translation code of the call to the method "method" */ 

B8 /* Construction of an APDU, using ref to start execution of the method 

"method" on the card */ 

B9 /* Sending of the APDU to the card and recovery of the response returned by 

the method */ 

BIO } 

Bll } 

B12 class CardNaming { 

B13 public static Remote lookup ( String name) { 

B14 byte aid[] = CardNaming. cardManagerLookup (name); 

B15 byte ref[] = CardNaming. appletLookup (aid, name); 

B16 Cardhandler ch = new Cardhandler (K (ref )) ; 

B17 Remote proxy « (Remote) Proxy . newProxylnstance (..., ch, ...) ; 

B18 return proxy; 

B19 } 

B20 ) 

B21 public class DesktopApp { 

B22 void main (String [] args) { 

B23 Calculator calculator = (Calculator) CardNaming . lookup ("myCalculator") ; 

B24 short result = calculator . add ( (short ) 5, (short 6) ; 

B25 Invokerlmpl calculator_invoker = new Invokerlmpl (calculator ) ; 

B26 Naming. bind ( u myCalculator_invoker" , calculator_invoker) ; 

B27 InvokerHandler handler = new InvokerHandler ("myCalculator_invoker") ; 

B28 Remote remoteCalculator = Proxy . newProxylnstance (..., handler,...); 

B29 Naming. bind ("myCalculator", remoteCalculator); 

B30 ) 

B31 } 



20 



APPENDIX C 



AID Lookup APDU 


Field name 
(ISO 7816) 


Hexadecimal value 


Description of the 
content of the field 


CLA 


80h 


Proprietary call class 


INS 


42h 


Instruction lookup_AID 


PI 


OOh 


No parameter 


P2 


OOh 


No parameter 


Lc 


OCh 


Length of the logical 
identifier myCalculator 


Data field 


6D7 94361 6C637 56C6174 6F72h 


Logical identifier 
myCalculator coded in 
UTF-8 format 


Le 


OOh 


Expected size of the 
response unknown 
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Reference Lookup APDU 


Field name 
(ISO 7816) 


Hexadecimal value 


Description of the 
content of the field 


CLA 


80h 


Proprietary call class 


INS 


40h 


Instruction 
lookup reference 


PI 


OOh 


No parameter 


P2 


lOh 


Special parameter 


Lc 


OCh 


Length of the logical 
identifier 


Data field 


6D7 943616C63756C617 4 6F72h 


Logical identifier 
coded in UTF-8 format 


Le 


OOh 


Expected size of the 
response unknown 


APPENDIX E 


Put data APDU 


Field name 
(ISO 7816) 


Hexadecimal value 


Description of the 
content of the field 


CLA 


80h 


Proprietary call class 


INS 


Dah 


Instruction Put data 


PI 


OOh 


First byte of the tag 
date 


P2 


50h 


Second byte of the tag 
date 


Lc 


04h 


Length of date 
01/01/2002 


Data 


01012002h 


Date 01/01/2002 
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APPENDIX F 



Fl public interface Invoker extends Remote { 

F2 public Object invoke (OMethod method, ObjectU args) ; ) 

F3 public class Invokerlmpl extends UnicastRemoteObject implements Invoker { 

5 F4 private Remote cardObject; 

F5 Invokerlmpl (Remote cardObject) {Super (); this . cardObject = cardObject;} 

F6 public Object invokeMethod( String method, Object [] args) { 

F7 /** use Reflectivity **/ } 

F8 ) 

10 F9 public class InvokerHandler implements InvocationHandler, Serializable { 

F10 private String invokerName; 

Fll InvokerHandler (String invokerName) { this . invokerName = invokerName;} 

F12 public Object invoke (Object proxy, Method method, Object [] args) { 

F13 Invoker invoker = Naming . lookup (invokerName) ; 

15 F14 return invoker . invokeMethod (getString (method) , args); } 

F15 } 

F16 public class BindingService { 

F17 public static main (String [ ] args) { 

F18 String registryURL = args[l]; 

20 F19 Iterator iterator = getBoundObjects ( ) ; 

F20 while ( iterator . hasNext () ) { 

F21 String name - (String) iterator . next () ; 

F22 Remote cardObject = CardNaming . lookup (name) ; 

F23 Invokerlmpl invoker = new Invokerlmpl (cardObject) ; 

25 F24 String invokerName = registryURL + name + n _Invoker"; 

F25 Naming. bind (invokerName, invoker); 

F26 InvokerHandler handler = new Invokerhandler (invokerName) ; 

F27 Remote remoteObject = Proxy . nexProxylnstance (..., handler,...); 

F28 Naming. bind (registryURL + name, remoteObject); 

30 F29 } 

F30 } 



F31) 
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APPENDIX 6 



Invoke APDU 


Field name 
(ISO 7816) 


Hexadecimal value 


Description of the 
content of the field 


CLA 


80h 


Proprietary call class 


INS 


38h 


Instruction Invoke 


PI 


02h 


First byte of version 
Java Card 


P2 


02h 


Second byte of version 
Java Card 


Lc 


08h 


Length of data 


Data 


0460 A7F6 0005 0006h 


Data: reference (2 
bytes) , method add (2 
bytes), parameter "5" 
(2 bytes) and parameter 
"6" (2 bytes) 


APPENDIX H 


get bound objects APDU 


Field name 
(ISO 7816) 


Hexadecimal value 


Description of the 
content of the field 


CLA 


80h 


Proprietary call class 


INS 


44h 


Instruction 

get bound objects 


PI 


OOh 


No parameter 


P2 


OOh 


No parameter 


Le 


OOh 


Expected size of the 
response 



